vidar | 73f7b1dae75549f16ea9665fe0e7cf462735e5a5fd0ede8be05885113d13deda | Triage

Submit
Reports

Overview

overview

Static

static

Test.ps1

windows10-2004-x64

8

Test.ps1

windows10-ltsc 2021-x64

8

Test.ps1

windows11-21h2-x64

Sharing

General

Target

Test.ps1
Size

1KB
Sample

250213-2pmygaxlgz
MD5

90f005af971f731a22a09ee0985446d3
SHA1

ca1e851c896b62fffa7d675ca7920d630a71413e
SHA256

73f7b1dae75549f16ea9665fe0e7cf462735e5a5fd0ede8be05885113d13deda
SHA512

9828e013ffb952078b4a3dd6f77c13818bd82db8d800633efa457f83c620e827485f79ab4f994b673b75dcf34f87fdbfc53e881c2287a29fd7018a87d9ce713b

Score

10^/10

vidar credential_access discovery execution spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Test.ps1

Resource

win10v2004-20250207-en

discovery execution

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Test.ps1

Resource

win10ltsc2021-20250211-en

discovery execution

windows10-ltsc 2021-x64

11 signatures

150 seconds

Behavioral task

behavioral3

Sample

Test.ps1

Resource

win11-20250211-en

vidar credential_access discovery execution spyware stealer

windows11-21h2-x64

23 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://azsolver.com/files/main.exe

Extracted

Family

vidar

C2

https://t.me/b4cha00

https://steamcommunity.com/profiles/76561199825403037

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:137.0) Gecko/20100101 Firefox/137.0

Targets

- Target
  
  Test.ps1
- Size
  
  1KB
- MD5
  
  90f005af971f731a22a09ee0985446d3
- SHA1
  
  ca1e851c896b62fffa7d675ca7920d630a71413e
- SHA256
  
  73f7b1dae75549f16ea9665fe0e7cf462735e5a5fd0ede8be05885113d13deda
- SHA512
  
  9828e013ffb952078b4a3dd6f77c13818bd82db8d800633efa457f83c620e827485f79ab4f994b673b75dcf34f87fdbfc53e881c2287a29fd7018a87d9ce713b
Score

10^/10

discovery execution vidar credential_access spyware stealer
- Detect Vidar Stealer
  stealer
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar family
  vidar
- Blocklisted process makes network request
- Downloads MZ/PE file
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Modify Authentication Process

Steal Web Session Cookie

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution

behavioral3

vidarcredential_accessdiscoveryexecutionspywarestealer

© 2018-2025

Terms | Privacy